US Secret Service urges new money-laundering laws on privacy coins, cryptomixers

The anonymity afforded by cryptocoins is in the crosshairs of American legislators…

A Deputy Assistant Director at the US Secret Service has called on Congress to enact new laws to hunt down money launderers and criminals exploiting private cryptocoins and cryptocurrency ‘mixers’.

Speaking to the House of Representatives Committee on Financial Services on combating terrorism and illegal financing, Robert Novey notes that cryptocoins that promise greater anonymity are an obvious safe haven for criminals, and should be a clear focus for new legislation.

(Block)Chain Reaction

Dark web buyers and sellers have increasingly turned to coins like Monero over Bitcoin when requesting payment for illicit services like drugs, stolen credit card numbers or even firearms.

Lawmakers may need to move quickly to impose top-down legislation, faster than the current case-by-case basis system adopted by the likes of the SEC, says Novey.

Privacy-focused cryptocoins like Monero promise a higher degree of anonymity by hiding the original source of transactions by mixing the coin that a user spends with a sample of other decoy coins known as ‘mixins’.

It’s the same principle as the most common anonymity system, Tor, which sends web traffic through three nodes between your Tor browser and the server you wish to visit, so that your anonymity is protected against one or two of them being compromised.

Still, research put out in April 2018 by the University of Illinois argued that Monero is not as untraceable as it appears, claiming 62% of all Monero transactions could be traced by using “chain-reaction” analysis to deduce the input by a process of elimination.

While all Bitcoin transactions are pseudonymous, displaying only a wallet address for verification, there are still ways to separate and tie those account numbers to specific parties.

Bitcluster, for example, is a Python-based data scraping tool developed by Montreal University cybersecurity researcher David Decary-Hetu. Bitcluster analyses all Bitcoin transactions and groups together Bitcoin wallet addresses based on their incoming and outgoing transactions. “This allows for accurate mapping of entities’ online activities, no matter how many Bitcoin addresses they are using,” says Bitcluster’s description.

Legal experts are less optimistic that regulation can stem the flow of criminal money laundering in the crypto space.

Richard Howlett is a commercial litigation solicitor at Selachii LLP in London.

Speaking to CryptoNewsReview.com, he said: “Applying regulation is relatively straightforward. Policing and enforcing it however, is a completely different matter.

“While honest traders and investors would of course adhere to regulations, the criminal element those new rules are aimed at would not really care. As such, regulating something which cannot be policed would only be effective against those whom the regulations are not meant for.”

“Given that the cryptocurrency market is now partially regulated, it is curious to see money laundering services being promoted openly,” they write.

Cryptographer David Chaum is credited with the invention of cryptographically secure remailers or mixers in his 1981 paper Untraceable Electronic Mail, Return Addresses and Digital Pseudonyms.

This technology originally allowed email and other message traffic to be sent and received anonymously.

“Cryptographic ‘mixmaster’ remailers were a significant part of the cypherpunk culture from which Bitcoin emerged, and so it is unsurprising that various people started offering mixing services for Bitcoin, with evocative names such as Bitcoinfog, Coinjoin and Tumblebit, says Bitcoin Redux.

“A newer cryptocurrency, Zcash, has a kind of Aladdin’s laundry: it lets users put their coins back in the mine and get out new coins that are indistinguishable from other freshly mined coins.

“Some of these ‘schemes’, as cryptographers tend to call them, use clever tricks such as ring signatures and smart contracts. Others are simpler; one Bitcoin laundry turned out to be just a single fat wallet, and if a customer paid in some Bitcoin on a Monday, the operator would return a slightly smaller sum on Tuesday.

“But whatever the quality of the mixing – in some technical sense – the underlying idea is that if you put one black coin into a sack with nine white ones and shake them hard enough, the output will be ten white coins.

“As all Bitcoin transactions ever made are in plain sight on the blockchain, the act of passing a Bitcoin through a laundry should put all its subsequent owners on notice that something may very well be wrong.

“When matters come to court, any laundries that are clearly identifiable as such are likely to have exactly the opposite effect from that asserted by their designers and operators. In short, people designing money laundering mechanisms have been using quite the wrong metrics of quality.”

Richard Howlett is clear that regulations and governance only work if the asset – in this case cryptocurrency – is controlled by the person regulating it.

“As no government can control a decentralised system like crypto, rules and laws like these are, in my opinion, pointless.

“Regulation may potentially make criminals work harder or smarter but none will stop what they are doing simply because Congress says they are not allowed to.

“Any form of payment can be abused by criminals, whether that’s fiat currency, diamonds, gold or whatever else. Why is crypto being demonised? Governments in general do not like the thought of decentralised currency systems they cannot control or manipulate, and if governments lose control of their currency, they have huge problems.

“You can make crypto illegal, and it will stop widespread adoption and protect fiat currencies, but it will never stop criminals from using any methods they wish to hide or launder money.”

Novey’s testimony concludes with the note that Congress should approve funds for the Secret Service to conduct a massive recruitment drive, as well as considering expanding the 2012 CLOUD Act, which requires American companies subject to warrants to provide data on US citizens, even if that data is stored on remote servers outside the US.